Docs
Practical guide to Doorman: what users can do, how operators set it up, and how technical teams integrate auth, RBAC, billing, and usage.
Operations
Workers
- pnpm --filter @doorman/worker aggregate: aggregate usage buckets.
- pnpm --filter @doorman/worker sync-usage: export usage to billing provider.
- pnpm --filter @doorman/worker sync-subscriptions: sync subscription state.
- pnpm --filter @doorman/worker sync-invoices: sync invoice state.
- pnpm --filter @doorman/worker usage-alerts: evaluate usage alert rules.
- pnpm --filter @doorman/worker usage-retention: prune old usage data.
Local Kratos and notification emails are captured by Mailslurper.
- UI: http://localhost:4436
- API: http://localhost:4437
- SMTP: localhost:1025
Stripe
Use Stripe test mode locally. Doorman accepts unsigned Stripe webhooks in development if no signing secret is set, but real environments must set the signing secret.
STRIPE_DRY_RUN=0
STRIPE_API_BASE=https://api.stripe.com
STRIPE_SECRET_KEY=sk_test_...
STRIPE_WEBHOOK_SIGNING_SECRET=whsec_...

POST https://doorman.f1cs-dev.it/api/billing/stripe/webhook
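The check that the signing secret enables, as an added example (not Doorman's own code): it verifies Stripe's `Stripe-Signature` header (`t=` timestamp plus `v1=` HMAC-SHA256 over `timestamp.rawBody`) and fails closed when the secret is missing outside development. The function names, the `env` values and the 300-second tolerance are assumptions.

```javascript
// Added example: hypothetical names; the env convention is an assumption.
const crypto = require('node:crypto');

const TOLERANCE_SECONDS = 300; // reject timestamps more than 5 minutes from now (replay window)

// Parse "t=...,v1=...,v1=..." into a timestamp and the list of v1 signatures.
function parseSignatureHeader(header) {
  const parsed = { timestamp: null, signatures: [] };
  for (const part of String(header || '').split(',')) {
    const idx = part.indexOf('=');
    if (idx === -1) continue;
    const key = part.slice(0, idx).trim();
    const value = part.slice(idx + 1).trim();
    if (key === 't' && /^\d+$/.test(value)) parsed.timestamp = Number(value);
    if (key === 'v1') parsed.signatures.push(value);
  }
  return parsed;
}

// rawBody must be the exact bytes received, before any JSON parsing.
function verifyStripeWebhook({ rawBody, header, secret, env, now = Date.now() / 1000 }) {
  if (!secret) {
    // Unsigned events are tolerated only in development; everything else fails closed.
    return env === 'development'
      ? { ok: true, reason: 'unsigned-dev' }
      : { ok: false, reason: 'missing-signing-secret' };
  }
  const { timestamp, signatures } = parseSignatureHeader(header);
  if (timestamp === null || signatures.length === 0) return { ok: false, reason: 'bad-header' };
  if (Math.abs(now - timestamp) > TOLERANCE_SECONDS) return { ok: false, reason: 'stale-timestamp' };

  const expected = crypto.createHmac('sha256', secret)
    .update(`${timestamp}.`).update(rawBody).digest();
  // Constant-time comparison; a header may carry several v1 values during secret rotation.
  const match = signatures.some((sig) => {
    const candidate = Buffer.from(sig, 'hex');
    return candidate.length === expected.length && crypto.timingSafeEqual(candidate, expected);
  });
  return match ? { ok: true, reason: 'verified' } : { ok: false, reason: 'signature-mismatch' };
}
```

Pass the unparsed request body: re-serialized JSON will not match the signed bytes.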
Troubleshooting
- OAuth redirect mismatch: recreate or update the OAuth client redirect URI exactly.
- Missing RBAC claim: verify the token audience, app membership, tenant membership, and app role assignment.
- Checkout fails: verify Stripe secret, base plan component, and real price_ ID.
- No billing entitlement: poll subscription status and require is_active=true.
- SSO provider not found: verify identity provider domain mapping and issuer/client settings.